AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2017-3526: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported vers

mediumvulnerability

security

Source: NVD/CVE DatabaseApril 24, 2017CVE-2017-3526

Summary

A vulnerability in Oracle Java SE's JAXP component (a library for processing XML documents) allows attackers over the network to crash Java applications without authentication, affecting Java versions 6u141, 7u131, 8u121 and related products. The attack is difficult to exploit but can be delivered through multiple methods, including malicious Java Web Start applications (Java programs downloaded and run from the web) and web services. The vulnerability has a CVSS score (a 0-10 severity rating) of 5.9, indicating moderate impact focused on availability disruption.

Vulnerability Details

CVSS Score

7.1

EPSS (30-day exploit probability)

EPSS: 1.9%

Classification

Attack Type

DoS

Attack SophisticationModerate

Impact (CIA+S)

availability

Related Issues

medium

CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

Similar attackNVD/CVE Database

low

CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p

First tracked: February 15, 2026 at 08:43 PM

Classified by LLM (prompt v3) · confidence: 65%